<?php

namespace App\Policies;

use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class UserPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function view(User $user, User $model)
    {
        //
    }

    /**
     * Determine whether the user can create models.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        //
    }

    /**
     * Determine whether the user can update the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function update(User $user, User $model)
    {
        //在这个权限策略中,对应的方法可以根据自己的需要写不同操作的权限返回值,返回值是真与假,如果返回是真,代表有权限,如果返回假,代表没权限
        //return $user->is_admin || $user->id ==$model->id;
        if($user->is_admin || $user->id == $model->id){
            return true;
        }else{
            return false;
        }

    }

    /**
     * Determine whether the user can delete the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function delete(User $user, User $model)
    {
//        return $user->is_admin;
        if($user->is_admin && $user->id !=$model->id){
            return true;
        }else{
            return false;
        }
    }
}
